<?php
ini_set('display_errors', 0);
$connection = mssql_connect('\SQLEXPRESS', 'sa', 'password here'); // <<== Change YOURHOST and YOURPASSWORD
if(!connection || !mssql_select_db('ACCOUNT_DBF', $connection))
{
die('Unable to connect or select database!');
}
$checkusername = $_POST['Username'];
$query = mssql_query("SELECT account FROM ACCOUNT_TBL WHERE account = '$checkusername'");
$result = mssql_fetch_row($query);
$checkpassword = $_POST['FirstPassword'];
$query2 = mssql_query("SELECT password FROM ACCOUNT_TBL WHERE account = '$checkusername'");
$resultpass = mssql_fetch_row($query2);
$passwordcheck = md5('serus' . $_POST['FirstPassword']);
if(isset($_POST['submit'])){
if($_POST['Username'] == ""){
$error = '<font color="red">Please fill up all the fields.</font>';
}
else if($result[0] != $checkusername){
$error = '<font color="red">Your Username doesnt exist.</font>';
}
else if($_POST['FirstPassword'] == ""){
$error = '<font color="red">Please isert your old password.</font>';
}
else if($passwordcheck != $resultpass[0]){
$error = '<font color="red">Your password isnt correct.</font>';
}
else if($_POST['NewPassword'] == ""){
$error = '<font color="red">Please insert your new password.</font>';
}
else if($_POST['NewPassword2'] == ""){
$error = '<font color="red">Please repeat your new password.</font>';
}
else if($_POST['NewPassword'] != $_POST['NewPassword2']){
$error = '<font color="red">Yuor New passwords dont match</font>';
}
else{
$NewPassword = md5('serus' . $_POST['NewPassword']);
mssql_query("UPDATE ACCOUNT_TBL SET password = '$NewPassword' WHERE account = '$checkusername'");
$error = '<font color="green">Your password was successfully changed.</font>';
}
}
echo '<form action="pwchg.php" method="post"><br />';
echo 'Username: <input type="text" name="Username" /><br />';
echo 'Password: <input type="password" name="FirstPassword" /><br />';
echo 'New Password: <input type="password" name="NewPassword" /><br />';
echo 'Repeat New password: <input type="password" name="NewPassword2" /><br /><p>';
echo '<input type="submit" name="submit" value="Change Password!" /><br /><br />';
echo '</form>';
echo $error
?>